Hi usmcscout123,
Did you read this: http://xml.ssdsandbox.net/index.php/2dfe1699bd3fb09b140d5b95d023a275
Malware resides here: hxtp://213.155.31.136/hshhgajjsggsajd/sutra/kzkzhlipgpjvy.jar
Threat: a6a7a760c0e <<< JAVAMesdeh.D malware aka Trojan maljava
A malicious Java file that exploits one or more vulnerabilities. After essexboy’s cleansing routine, you should update all the software on that computer after an online scan here: http://secunia.com/vulnerability_scanning/online/?task=load
But from the connections made, we have to conclude you probably have a SpyEye infection.
When a SpyEye bot running on an infected computer starts up, it immediately sends a message to check in with its Command & Control server. This first message contains some basic information about the bot infector and the computer it is running on. Here is an example, with the parameters highlighted.
http://(server)/gate.php?guid=uname!cname!1A2B3C4D&ver=10260&stat=ONLINE&ie=6.0
Quote source:
http://blog.fortinet.com/tag/research/ (article “A Guide to SpyEye C&C Messages” by Doug Macdonald, February 15, 2011)
polonus
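
Added example, not part of the post above or of the quoted Fortinet article: a Python check that flags proxy-log requests shaped like the check-in URL quoted in the post. The log layout, the sample lines, and the reading of the `guid` fields as user name, computer name and an 8-hex-digit id are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# guid shape taken from the quoted example: three fields joined by '!', the last
# one 8 hex digits. The field names below are an assumed reading of that example.
GUID_RE = re.compile(r"^(?P<user>[^!]+)!(?P<host>[^!]+)!(?P<id>[0-9A-Fa-f]{8})$")
REQUIRED = ("guid", "ver", "stat")

def parse_checkin(url):
    """Return a dict for a URL shaped like the quoted check-in, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/gate.php"):
        return None
    q = parse_qs(parts.query, keep_blank_values=True)
    if any(k not in q for k in REQUIRED):
        return None
    m = GUID_RE.match(q["guid"][0])
    if not m:
        return None
    return {
        "server": parts.hostname,
        "user": m["user"], "host": m["host"], "id": m["id"].upper(),
        "ver": q["ver"][0], "stat": q["stat"][0],
        "ie": q.get("ie", [None])[0],  # 'ie' is treated as optional here
    }

def scan_proxy_log(lines):
    """Return [(client_ip, parsed_checkin), ...] for matching GET requests."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3 or fields[1] != "GET":
            continue
        hit = parse_checkin(fields[2])
        if hit:
            hits.append((fields[0], hit))
    return hits

# Constructed sample log lines in an assumed "client method url" layout.
SAMPLE_LOG = [
    "10.0.0.23 GET http://c2.example.net/gate.php?guid=alice!WS-0231!1A2B3C4D&ver=10260&stat=ONLINE&ie=6.0",
    "10.0.0.23 GET http://www.example.com/index.php?id=4",
    "10.0.0.41 GET http://shop.example.org/gate.php?ref=newsletter",
    "10.0.0.57 GET http://c2.example.net/bin/gate.php?guid=bob!LAPTOP7!00FFEE99&ver=10310&stat=ONLINE",
]

if __name__ == "__main__":
    for client, hit in scan_proxy_log(SAMPLE_LOG):
        print(client, hit)
```

The third sample line shows why the path alone is not enough: a benign `gate.php` without the `guid`, `ver` and `stat` parameters is not flagged.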